
Wednesday, March 19, 2008

Web Security Scanning Is Paramount

Security UPDATE
A Penton Media Property
March 19, 2008


If you want to view this on the web go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384678-0-0-0-1-2-207

----------------------------------------
ADVERTISEMENT
Lieberman Software

Are Systems Management Vendors Letting You Down?

Have you invested in expensive Microsoft management tools, CA Unicenter,
IBM Tivoli, Novell Zenworks, or HP OpenView, only to find that you still
don't have a solution that actually manages the local security of your
Windows servers and workstations? Are you still wasting time writing
scripts or using group policies that sometimes work and sometimes don't?
You have better things to do. Lieberman Software's User Manager Pro
Suite lets you centrally control all of your users, groups, memberships,
shares, auditing, and more - without scripts, agents, group policies or
other time wasters. Now that you have expensive systems management tools
from the big guys, let User Manager Pro Suite fill in your security
management gaps at a price you can afford.

http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384679-0-0-0-1-2-207
----------------------------------------

IN FOCUS

--Web Security Scanning Is Paramount
by Mark Joseph Edwards, News Editor
A couple of weeks ago, a few high-profile sites were hacked. The sites
were properties of CNET Networks (ZDNet Asia, TV.com, News.com, and
mySimon.com), TorrentReactor, and possibly others. The hack consisted of
injecting an IFRAME tag into Web pages, and the IFRAME led to malicious
content.

According to Dancho Danchev, who discovered the problem (see the URL
below for more information), more than 100,000 Web pages were affected
at the sites I mentioned. While news of these hacked sites spread
rapidly, they certainly weren't the only sites affected.

ddanchev.blogspot.com/2008/03/zdnet-asia-and-torrentreactor-iframe-ed.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384680-0-0-0-1-2-207)

I ran a query at Google and within seconds discovered that University of
Pittsburgh, North Carolina State University, and the heavily trafficked
Internet Archive (archive.org) were also infected--to name only a few.
To see the extent of the damage yourself, type "intitle:iframe src" in
the Google search field. To see whether Google has indexed any of your
sites' pages as affected, type "site:yourdomainname" (combined with the
intitle: term above) in the Google search field. You can visit Google's
Advanced Operators page at the URL below for more help with the intitle:
and site: operators.

www.google.com/help/operators.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384681-0-0-0-1-2-207)

This particular attack takes advantage of sites that don't sanitize
user-supplied input, typically entered in a Web form. In these cases,
the attacker submits a search query that includes the text of an
HTML IFRAME tag. The sites' search engines cache the query string and
the query results without stripping unwanted content such as HTML, so
the user-supplied query string (HTML included) becomes part of the
cached Web pages. When someone lands on an affected cached page, the
browser renders the IFRAME and loads whatever the attacker's server
serves, which can be malicious content. Compounding the problem, the
cached pages get indexed by search engines, which of course spreads the
infection widely. The fix is to HTML-encode every user-supplied value at
output time, including values read back from a cache, not only the one
just typed into the form.
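To make the mechanism concrete, here is an added example (my own code, not code from the article or from any of the sites named in it): a minimal search-page renderer in the vulnerable shape the article describes, the same renderer with output encoding, and the two checks a Web scanner runs against each. The probe string, the renderer functions, and the in-memory "recent searches" list are assumptions that stand in for the real sites' code.

```python
import html
from typing import Callable, Dict, List

# Hypothetical probe string used by the scanner checks below. The attackers
# on the page pointed their IFRAME at their own server; this one points at
# a reserved .invalid name so it can never resolve.
PROBE = '<iframe src="http://probe.invalid/" width="0" height="0"></iframe>'

Renderer = Callable[[str, List[str]], str]


def render_vulnerable(query: str, recent: List[str]) -> str:
    """Search page that echoes the raw query and the cached recent queries.

    This is the pattern the article describes: the query is stored (the
    constructed 'recent searches' cache) and emitted as HTML, so an IFRAME
    submitted once is served to everyone who lands on the page afterwards.
    """
    recent.append(query)                      # cache the raw query string
    items = "".join(f"<li>{q}</li>" for q in recent[-5:])
    return (
        f"<html><head><title>Search: {query}</title></head>"
        f"<body><h1>Results for {query}</h1>"
        f'<ul id="recent">{items}</ul></body></html>'
    )


def render_hardened(query: str, recent: List[str]) -> str:
    """Same page, but every user-supplied value is HTML-escaped on output.

    Escaping at the point of output (not at storage time) is what makes the
    cached entries safe as well as the freshly typed one.
    """
    def esc(s: str) -> str:
        return html.escape(s, quote=True)

    recent.append(query)
    items = "".join(f"<li>{esc(q)}</li>" for q in recent[-5:])
    return (
        f"<html><head><title>Search: {esc(query)}</title></head>"
        f"<body><h1>Results for {esc(query)}</h1>"
        f'<ul id="recent">{items}</ul></body></html>'
    )


def reflects_raw_html(render: Renderer) -> bool:
    """Reflected check: does a single request echo the probe unescaped?"""
    return PROBE in render(PROBE, [])


def stores_raw_html(render: Renderer) -> bool:
    """Stored check: submit the probe once, then fetch the page as a later
    visitor with a benign query and see whether the probe is still there."""
    cache: List[str] = []
    render(PROBE, cache)                          # attacker's one submission
    later_page = render("windows server", cache)  # unrelated later visitor
    return PROBE in later_page


def scan(render: Renderer) -> Dict[str, bool]:
    """Run both checks against one renderer and report the findings."""
    return {"reflected": reflects_raw_html(render),
            "stored": stores_raw_html(render)}


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable),
                     ("hardened", render_hardened)):
        print(name, scan(fn))
```

The stored check is the one that matters for the incident described above: a scanner that only looks for the probe in the immediate response would miss a site whose search box escapes the live query but re-emits the cached copies raw.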

In "Online Fraud Continues to Escalate" (February 20, at the URL below)
I wrote about online fraud as reported by Cyveillance. The company had
issued a report that stated that of all the phishing pages discovered in
first quarter 2007, 34 percent were hosted on compromised existing Web
sites. The recent widespread injection of IFRAME tags goes to show just
how easily a site can be compromised. If you haven't scanned your sites
for vulnerabilities, you should probably get started right away.

www.windowsitpro.com/Windows/article/articleid/98332/online-fraud-continues-to-escalate.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384682-0-0-0-1-2-207)

Back in November 2007, I wrote about a comparative review of Web
security scanners conducted by Larry Suto, an application security
consultant. You can read about that report at the first URL below. Suto
examined three commercially available Web application scanners: NT
OBJECTives' NTOSpider (at the second URL below), Watchfire AppScan (at
the third URL), and SPI Dynamics' WebInspect (now known as HP
WebInspect, at the fourth URL). Suto found NTOSpider to be the superior
product.

windowsitpro.com/article/articleid/97517/web-security-scanning-david-vs-goliath.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384683-0-0-0-1-2-207)
ntobjectives.com/products/ntospider.php
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384684-0-0-0-1-2-207)

www.watchfire.com/products/appscan/default.aspx
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384685-0-0-0-1-2-207)

www.spidynamics.com/products/webinspect/
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384686-0-0-0-1-2-207)

Last week, I learned that NT OBJECTives and eEye Digital Security have
teamed up. eEye is now using NTOSpider as the core of its newly launched
Retina Web Security Scanner (RWSS--at the URL below). I recently spoke
with John-Marc Clark (VP of marketing at eEye) and JD Glaser (CEO at NT
OBJECTives), and they told me that going forward, NT OBJECTives will
handle the evolution of NTOSpider and that eEye will continue to use it
as the basis for future upgrades to its RWSS product.

www.eeye.com/html/products/RetinaWebScanner/index.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384687-0-0-0-1-2-207)

Clark said that eEye sees a significant demand for Web scanners, thus
the company's entry into the field. Right now, RWSS is strictly a
software offering. However, sometime in the next several months, the
company will make RWSS available as a plug-and-play appliance. In the
more distant future, the company might also offer RWSS as a Web-based
managed service. Given what Suto found in his comparative analysis,
eEye's RWSS product could be a strong solution.

There are certainly other Web scanning tools available for your
consideration. Some of the tools I know about are listed below:

Acunetix Web Vulnerability Scanner
www.acunetix.com/vulnerability-scanner/
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384688-0-0-0-1-2-207)

Cenzic Hailstorm
www.cenzic.com/products_services/products_overview.php
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384689-0-0-0-1-2-207)

MileSCAN Web Security Auditor
www.milescan.com/hk/index.php?option=com_content&view=category&layout=blog&id=13&Itemid=45
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384690-0-0-0-1-2-207)

N-Stalker Web Application Security Scanner 2006
www.nstalker.com/products/ (http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384691-0-0-0-1-2-207)

Nikto 2 (open source)
cirt.net/code/nikto.shtml (http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384692-0-0-0-1-2-207)

Pantera (open source)
www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384693-0-0-0-1-2-207)

Parasoft WebKing
www.parasoft.com/jsp/products/home.jsp?product=WebKing&itemID=86
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384694-0-0-0-1-2-207)

Sandcat
www.syhunt.com/?section=sandcat (http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384695-0-0-0-1-2-207)

VForce
www.virtualforge.de/vforce.php (http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384696-0-0-0-1-2-207)

Wapiti (open source)
wapiti.sourceforge.net/ (http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384697-0-0-0-1-2-207)

----------------------------------------
ADVERTISEMENT
Bit9

Getting the Job Done: Comparing Approaches for Desktop Software Lockdown

Preventing the installation and execution of unauthorized software
should be a high priority for any IT-conscious organization. Allowing
users to install or execute unauthorized software can expose an
organization to a variety of stability, security, and legal risks, not
to mention the burden of support costs. This paper will compare and
contrast a variety of techniques for detecting and preventing
unauthorized code, such as:
* User rights restrictions
* Group policy objects and software restriction policies
* Hash rules
* Path rules
* Internet zone rules
Read this complimentary white paper today!

http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384698-0-0-0-1-2-207
----------------------------------------


SECURITY NEWS AND FEATURES

--Kidaro to Become a Microsoft Solution
Microsoft announced its intention to acquire Kidaro, maker of desktop
virtualization tools that enhance security, manageability, and mobility.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384699-0-0-0-1-2-207

--Countless RFID Cards at Risk
Researchers have proved that cracking the cryptography of RFID cards
that use Mifare Classic (Standard) integrated circuits (ICs) takes only
a matter of seconds. Such cards are widely used around the world to
control various types of access.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384700-0-0-0-1-2-207

--McAfee Reports Mass IFRAME Attack Underway
Attackers are once again injecting malicious IFRAMEs into Web pages in
an effort to exploit weaknesses in ActiveX controls. So far, over 10,000
sites have become portals of attack.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384701-0-0-0-1-2-207

--Finjan Wins Patent Suit, Secure Computing Intends to Appeal
Finjan won its patent lawsuit against Secure Computing, which has been
ordered to pay Finjan substantial damage awards.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384702-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

www.windowsitpro.com/departments/departmentid/752/752.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384703-0-0-0-1-2-207)


GIVE AND TAKE

--SECURITY MATTERS BLOG: Spam and Phishing; Dangerous Medical Devices;
Web Application Security
by Mark Joseph Edwards
MX Logic says spam and phishing are on the rise; poor security-related
decision making in the creation of medical devices can cost people their
lives; and Web applications that don't validate user-provided data can
allow all sorts of bad and embarrassing things to happen. Read the
Security Matters blog to learn about these and other issues.
windowsitpro.com/blog/index.cfm?action=BlogIndex&DepartmentID=949
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384704-0-0-0-1-2-207)

--FAQ: How to View HTML in Help Files
by John Savill
Q: Why won't the navigation links display in an HTML Help file that I
downloaded?

Find the answer at
windowsitpro.com/article/articleid/98428
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384705-0-0-0-1-2-207)

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in
Security Pro VIP's Reader to Reader column. Email your contributions to
r2r@securityprovip.com (mailto:r2r@securityprovip.com). If we print your
submission, you'll get $100. We edit submissions for style, grammar, and
length.


PRODUCTS

--Authentication for Web Applications
by Renee Munshi
Arcot Systems announced the immediate availability of Arcot A-OK
On-Demand, a multifactor authentication solution for Web-based
applications. Arcot also said that Arcot A-OK is immediately available
to Google Apps Premier Edition (GAPE) customers for $1 per user per
month. Arcot A-OK adds a layer of authentication to the standard
username and password combination and is hosted by Arcot from its data
center. For more information, go to
www.arcot.com/google (http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384706-0-0-0-1-2-207)

--New SSL VPN Appliances
by Renee Munshi
WatchGuard Technologies unveiled the WatchGuard SSL 1000 and WatchGuard
SSL 500 appliances to give remote and mobile workers secure connectivity
to their corporate network. WatchGuard SSL 1000 and 500 offer Web
browsers or thin clients, end-point integrity checking, network
interface control, as well as virtual desktops and session cleanup. The
WatchGuard SSL 1000 and 500 appliances will be available the first week
in April. The WatchGuard SSL 1000 with a 10-user license lists for
$8,500, and the WatchGuard SSL 500 with a 10-user license is $5,000. For
more information, go to
www.watchguard.com/ (http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384707-0-0-0-1-2-207)


RESOURCES AND EVENTS

E-Discovery Web Seminar--March 20, 2008 (12:00 PM EDT)
How can you effectively prepare to meet e-discovery needs without
breaking your messaging budget? What do you need to know to plan a
robust e-discovery strategy? In this Webcast, Paul Robichaux explores
the world of e-discovery and explains what to look for--and what to look
out for--when planning your system.
www.windowsitpro.com/go/seminars/sherpasoftware/ediscovery/?partnerref=031208er
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384708-0-0-0-1-2-207)

Know More & Win!
Register for select Web seminars before April 11, and you'll be entered
to win one of three iPod Shuffles.
www.windowsitpro.com/Events/?code=031208er
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384709-0-0-0-1-2-207)

Join us for the SharePoint Pro Live! Technical Event Series and get
information-packed technical training on the most common business uses
of SharePoint. Attendees in 10 US cities will learn how to better use
SharePoint to maximize their organizational effectiveness. Preregister
online for only $99.
www.windowsitpro.com/roadshows/sharepointprolive/?code=022708er
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384710-0-0-0-1-2-207)


FEATURED WHITE PAPER

Deploy Windows Server 2008 with System Center--Reduce your configuration
time.
Server administrators used to install Windows Server manually and then
spend hours configuring the server. Learn how to simplify and automate
OS deployments with System Center Configuration Manager 2007. This white
paper helps you get started in unifying your server and client
deployment tools.
www.windowsitpro.com/Whitepapers/Index.cfm?fuseaction=ShowWP&WPID=b8f3c936-b024-47f4-b484-8ad537285a80&code=031208er
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384711-0-0-0-1-2-207)


ANNOUNCEMENTS

Check out all the info-packed publications offered by Windows IT Pro!
If you're receiving the HTML version of this email newsletter, click
"Our Publications" in the menu bar; otherwise, click the link below:
store.pentontech.com/index.cfm?s=1&cid=18000306&promotionid=18003253&code=
(http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384712-0-0-0-1-2-207)

CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384713-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384714-0-0-0-1-2-207


Be sure to add Security_UPDATE@email.windowsitpro.com
to your spam filter's list of allowed senders.

To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384717-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-4174-803-202-62923-384718-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
